GKE (Google Container Engine) uses self-signed certificate, which get rejected when using the default JRE/HttpClient setup.

adding certificate to JRE's `/lib/security/jssecacerts` is a possible workaround but is unpleasant and sometime impossible for jenkins admins who aren't system admin on master host.